Bug 149270 – logrotate is messing up with noexec mounted /tmp

Bug 149270 - logrotate is messing up with noexec mounted /tmp

Summary:	logrotate is messing up with noexec mounted /tmp

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	logrotate (Show other bugs)
Sub Component:
Version:	3
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Peter Vrabec
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2005-02-21 15:06 EST by Michal Jaegermann
Modified:	2007-11-30 17:11 EST (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-02-22 08:20:35 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Check this. (46.80 KB, text/plain) 2005-02-22 08:19 EST, Peter Vrabec	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Michal Jaegermann 2005-02-21 15:06:14 EST

Description of problem:

After an updgrade to FC3 logrotate fails to switch to new logs
with only not that informative messages from cron like:

error: error running shared postrotate script for /var/log/cups/*_log

Debugging information is not much more revealing either and
only strace eventually shows that logrotate writes to a file with
permissions 0700 in /tmp and tries to run that directly instead
of doing "sh /tmp/<whatever>".  With /tmp which happens to be mounted
"noexec" this clearly fails.

Moreover logrotate.conf does not provide any options to switch
temporary directory somewhere else. Luckily TMPDIR seems to work
but AFAICS this is not mentioned in a documentation either.

Older versions of logrotate did not suffer from this affliction
so this came as a nasty surprise.

Version-Release number of selected component (if applicable):
logrotate-3.7.1-2

Comment 1 Peter Vrabec 2005-02-22 08:19:57 EST

Created attachment 111293 [details]
Check this.

I hope it will work fine. Logrotate does not use tmpfile in /tmp to run script.

Comment 2 Michal Jaegermann 2005-02-22 11:44:08 EST

What I see in a code indeed it looks that it will work.  There is
one more nit, though.  Both the current and the previous code
(it was writing "#!/bin/sh\n\n" at the top of a temporary file)
presume that all logrorate scripts would have to comprise from
a valid sh code (well, bash in practical terms).  I do not see
that explicitely documented anywhere.

A trivial "one liner" shell wrapper really allows to use there
anything which will execute but one should not dig through sorces
to reach that conclusion.

Comment 3 Kristina Clair 2005-04-13 12:07:41 EDT

"Luckily TMPDIR seems to work
but AFAICS this is not mentioned in a documentation either."

How exactly would I use TMPDIR to get around this problem?  I tried defining it
in the shell script that runs logrotate, but that didn't help.

Comment 4 Michal Jaegermann 2005-04-13 13:12:34 EDT

export TMPDIR=/var/tmp

as the second line in /etc/cron.daily/logrotate should do assuming that
a version of /usr/sbin/logrotate pays attention to that variable.  Worksforme.

Comment 5 Michal Jaegermann 2005-10-16 12:28:36 EDT

3.7.1-5.RHEL4, with last changelog entries from 2005-07-13, is broken in
the same way as 3.7.1-2

Note You need to log in before you can comment on or make changes to this bug.